Dobrý den přeji,prosil bych o kontrolu pc,při zapnutí a po naběhnutí systému se mi ukáže okno že mám připojený usb disk,přitom je prázdný,tak nevim
Logfile of random's system information tool 1.08 (written by random/random)
Run by Katka at 2011-01-09 10:02:46
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 47 GB (62%) free of 76 GB
Total RAM: 511 MB (40% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:03:47, on 9.1.2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\mozilla\RSIT.exe
C:\Program Files\trend micro\Katka.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ1
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} (CSEQueryObject Object) - http://www.myheritage.cz/Genoogle/Compo ... eQuery.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{69553CA9-C9F3-4F56-BEE2-59FE7D83CB52}: NameServer = 93.91.144.100,212.80.67.98
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: CLCV0 (UTSCSI) - Unknown owner - C:\WINDOWS\system32\UTSCSI.EXE
--
End of file - 6952 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Game_Booster_Startup.job
C:\WINDOWS\tasks\RegistryBooster.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-08-04 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-08-04 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-05-02 13529088]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-05-02 86016]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2010-11-08 2219184]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2006-09-01 282624]
"Family Tree Builder Update"=C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe [2010-10-31 226832]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-12-16 2402512]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAE.EXE [2007-03-01 180736]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioCentre]
C:\Genius\ioCentre\gTaskBar.exe [2006-12-08 241664]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Katka^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
C:\PROGRA~1\MAGICD~1\MAGICD~1.EXE [2009-02-23 576000]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Katka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
C:\PROGRA~1\MICROS~2\Office12\ONENOTEM.EXE [2009-02-26 97680]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0xFF000000
"NoDriveAutoRun"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0
"NoDriveTypeAutoRun"=323
"NoDrives"=0
"HonorAutoRunSetting"=1
"NoResolveSearch"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
======List of files/folders created in the last 1 months======
2011-01-09 10:02:52 ----D---- C:\Program Files\trend micro
2011-01-09 10:02:46 ----D---- C:\rsit
2010-12-29 14:44:15 ----D---- C:\WINDOWS\system32\DX9
2010-12-27 09:17:55 ----D---- C:\Documents and Settings\Katka\Data aplikací\IObit
2010-12-26 23:58:18 ----D---- C:\Documents and Settings\All Users\Data aplikací\PC Drivers Headquarters
2010-12-26 22:19:08 ----D---- C:\Program Files\FreeApps
2010-12-26 22:18:46 ----D---- C:\Documents and Settings\All Users\Data aplikací\FreeApp
2010-12-26 22:18:18 ----D---- C:\Documents and Settings\Katka\Data aplikací\Online Games Downloader
2010-12-26 22:16:31 ----D---- C:\Documents and Settings\All Users\Data aplikací\IObit
2010-12-26 21:27:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Easy Driver Pro
2010-12-26 19:06:00 ----D---- C:\Documents and Settings\Katka\Data aplikací\Uniblue
2010-12-22 17:40:00 ----D---- C:\WINDOWS\system32\NtmsData
2010-12-22 16:07:46 ----D---- C:\Documents and Settings\Katka\Data aplikací\CyberLink
2010-12-22 15:30:54 ----D---- C:\Program Files\CyberLink
2010-12-15 11:55:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-15 11:35:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-15 11:35:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-15 11:34:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-15 11:34:42 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-15 11:34:25 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-15 11:34:00 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2010-12-14 13:59:20 ----D---- C:\Documents and Settings\All Users\Data aplikací\MyHeritage
2010-12-14 13:59:19 ----D---- C:\Documents and Settings\Katka\Data aplikací\MyHeritage
2010-12-12 18:20:45 ----D---- C:\Program Files\MC2
2010-12-10 21:18:17 ----D---- C:\Program Files\IObit
2010-12-10 14:16:31 ----D---- C:\Documents and Settings\Katka\Data aplikací\TuneUp Software
2010-12-10 14:14:47 ----D---- C:\Documents and Settings\All Users\Data aplikací\TuneUp Software
2010-12-10 14:14:16 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2010-12-10 13:17:53 ----D---- C:\Documents and Settings\Katka\Data aplikací\OpenCandy
2010-12-10 13:17:25 ----D---- C:\Program Files\AnvSoft
2010-12-10 13:03:05 ----D---- C:\Program Files\FDRLab
======List of files/folders modified in the last 1 months======
2011-01-09 10:03:05 ----D---- C:\WINDOWS\Temp
2011-01-09 10:02:52 ----RD---- C:\Program Files
2011-01-09 10:02:52 ----D---- C:\WINDOWS\Prefetch
2011-01-09 08:26:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2011-01-09 08:26:15 ----AD---- C:\WINDOWS
2011-01-09 08:25:27 ----D---- C:\WINDOWS\system32\drivers\etc
2011-01-08 23:11:08 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-01-05 12:04:28 ----D---- C:\Program Files\The KMPlayer
2011-01-05 10:11:53 ----D---- C:\WINDOWS\system32
2011-01-04 11:34:12 ----HD---- C:\WINDOWS\inf
2011-01-03 13:54:02 ----D---- C:\WINDOWS\system32\CatRoot
2011-01-03 13:52:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-01-03 13:51:58 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-03 13:48:19 ----AC---- C:\WINDOWS\MyHeritage.INI
2011-01-01 22:41:25 ----D---- C:\Documents and Settings\Katka\Data aplikací\Skype
2011-01-01 22:40:29 ----A---- C:\WINDOWS\NeroDigital.ini
2011-01-01 21:00:12 ----SHD---- C:\WINDOWS\Installer
2011-01-01 21:00:12 ----D---- C:\Config.Msi
2011-01-01 20:58:44 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-01 20:58:42 ----D---- C:\WINDOWS\system32\drivers
2011-01-01 20:54:09 ----D---- C:\WINDOWS\system32\ReinstallBackups
2011-01-01 20:47:12 ----D---- C:\Program Files\Mozilla Firefox
2011-01-01 15:42:51 ----D---- C:\Documents and Settings\Katka\Data aplikací\skypePM
2010-12-28 10:40:03 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-28 10:07:28 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-12-27 14:51:29 ----D---- C:\Program Files\CCleaner
2010-12-27 09:24:09 ----D---- C:\Program Files\epson
2010-12-27 09:17:50 ----D---- C:\WINDOWS\WinSxS
2010-12-27 09:17:16 ----D---- C:\Program Files\Common Files
2010-12-27 09:09:45 ----SD---- C:\WINDOWS\Tasks
2010-12-27 00:12:01 ----RSD---- C:\WINDOWS\assembly
2010-12-27 00:03:58 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-26 21:25:15 ----D---- C:\WINDOWS\system32\config
2010-12-26 20:56:36 ----D---- C:\WINDOWS\system32\wbem
2010-12-26 20:56:34 ----D---- C:\WINDOWS\Registration
2010-12-22 18:20:42 ----D---- C:\WINDOWS\Debug
2010-12-22 17:26:26 ----A---- C:\WINDOWS\win.ini
2010-12-22 17:26:26 ----A---- C:\WINDOWS\system.ini
2010-12-22 16:28:54 ----RSD---- C:\WINDOWS\Fonts
2010-12-22 15:36:30 ----AD---- C:\Documents and Settings\All Users\Data aplikací\Temp
2010-12-22 11:55:09 ----D---- C:\Program Files\MyHeritage
2010-12-16 09:48:10 ----D---- C:\Program Files\Any Video Converter
2010-12-15 13:07:25 ----D---- C:\Program Files\Internet Explorer
2010-12-15 11:56:45 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2010-12-15 11:37:41 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-15 11:36:01 ----D---- C:\WINDOWS\ie8updates
2010-12-15 11:35:35 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-15 11:34:04 ----D---- C:\Program Files\Outlook Express
2010-12-14 08:42:31 ----D---- C:\Maill
2010-12-10 22:16:44 ----RD---- C:\Program Files\Skype
2010-12-10 21:58:02 ----D---- C:\Program Files\MagicDisc
2010-12-10 21:58:02 ----D---- C:\Program Files\BDE5Setup
2010-12-10 21:58:02 ----D---- C:\Documents and Settings\Katka\Data aplikací\Any Video Converter
2010-12-10 13:17:35 ----D---- C:\Documents and Settings\Katka\Data aplikací\AnvSoft
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2006-07-24 36528]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2005-05-17 50176]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2005-05-16 6656]
R0 sfsync02;StarForce Protection Synchronization Driver (version 2.x); C:\WINDOWS\System32\drivers\sfsync02.sys [2005-05-16 19968]
R0 uagp35;Filtr Microsoft AGPv3.5; C:\WINDOWS\system32\DRIVERS\uagp35.sys [2008-04-13 44672]
R0 viamraid;viamraid; C:\WINDOWS\system32\DRIVERS\viamraid.sys [2004-03-29 73600]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 AmdK7;Ovladač procesoru AMD K7; C:\WINDOWS\system32\DRIVERS\amdk7.sys [2008-04-14 41600]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-10 32256]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-07-29 115008]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2010-08-03 55256]
R1 PCLEPCI;PCLEPCI; \??\C:\WINDOWS\system32\drivers\pclepci.sys []
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-08-04 140752]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2010-07-29 134512]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2010-07-29 32608]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
R3 gHidPnp;USB Device Enhanced Function Driver; C:\WINDOWS\System32\Drivers\gHidPnp.Sys [2006-07-14 14848]
R3 gMouUsb;USB Mouse Device Drv; C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2006-07-14 9984]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\WINDOWS\system32\DRIVERS\mcdbus.sys [2009-02-24 116736]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-05-02 6554496]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2004-08-03 20992]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S0 Lbd;Lbd; C:\WINDOWS\system32\DRIVERS\Lbd.sys []
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys []
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS []
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2008-04-13 37888]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272128]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]
S3 gMouPS2;PS2 Scroll Mouse Device; C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 17408]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent; C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic; C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 VClone;VClone; C:\WINDOWS\system32\DRIVERS\VClone.sys [2008-09-24 29184]
S3 VIAudio;VIA AC'97 Enhanced Audio Controller (WDM); C:\WINDOWS\system32\drivers\viaudio.sys [2001-11-08 42752]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2010-11-08 810144]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-05-02 159812]
R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-11-02 174656]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 UTSCSI;CLCV0; C:\WINDOWS\system32\UTSCSI.EXE []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [2010-11-08 33584]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe [2008-01-14 447784]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-02-26 652800]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-07-17 136176]
S4 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-07-17 153376]
S4 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2007-12-03 869672]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Prosím o preventivní kontrolu
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Prosím o preventivní kontrolu
Zdravím, tyhle zbytečnosti fixni v HJT :
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ1
O2 - BHO: (no name) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
HJT najdeš zde :
C:\Program Files\trend micro\Katka.exe
Fix znamená že spustíš HJT
v okně které se ti otevře klikneš na Do a system scan only
v dalším okně najdeš řádky které jsem ti vypsal,
vedle nich je čtvereček do kterého uděláš zatržítko,
pak klikneš na Fix checked které je vlevo dole,
program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.
Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :
NMIndexingService
klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.
K tomu USB disku, i když je prázdný systém ho detekuje.
Pro jistotu použij Mbam z mého podpisu a dej mi sem z něj log dříve než něco smažeš, samozřejmě ten disk nech připojený.
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ˙ţ1
O2 - BHO: (no name) - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
HJT najdeš zde :
C:\Program Files\trend micro\Katka.exe
Fix znamená že spustíš HJT
v okně které se ti otevře klikneš na Do a system scan only
v dalším okně najdeš řádky které jsem ti vypsal,
vedle nich je čtvereček do kterého uděláš zatržítko,
pak klikneš na Fix checked které je vlevo dole,
program se ti zeptá zda opravdu ANO s tím samozřejmě souhlasíš a je hotovo.
Přes Start >> Spustit >> napiš - services.msc >> OK. Najdi službu :
NMIndexingService
klikni na ni pravým myšítkem, zvol vlastnosti, na další kartě nejprve službu zastav tlačítkem Zastavit a u položky Typ spouštění zvol Zakázáno.
K tomu USB disku, i když je prázdný systém ho detekuje.
Pro jistotu použij Mbam z mého podpisu a dej mi sem z něj log dříve než něco smažeš, samozřejmě ten disk nech připojený.
Re: Prosím o preventivní kontrolu
Dobrý den,fixnul jsem vše v HJT,službu zakázal.Musim se omluvit neni to usb disk,ale usb video grabber,nevim jestli je to to samé,systém ho nedetekuje,poprvé ho našel,ale nemohl ho dokončit a pak už ho nenajde.Posílám log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 5494
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10.1.2011 11:44:32
mbam-log-2011-01-10 (11-44-32).txt
Typ kontroly: Rychlý test
Testované objekty: 136545
Uplynulý čas: 16 minut, 1 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 5494
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10.1.2011 11:44:32
mbam-log-2011-01-10 (11-44-32).txt
Typ kontroly: Rychlý test
Testované objekty: 136545
Uplynulý čas: 16 minut, 1 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Re: Prosím o preventivní kontrolu
CD s ovladači jsem zkoušel,po chvíli mi to hodilo hlášku: Systém Windows nemůže nalézt C:WINDOWS/system32/taskill.exe,takže se mi nic nenainstalovalo.Ještě aby toho nebylo málo se mi objevilo že druhý disk D:není přístupný -struktura disku je porušena a není čitelná
Re: Prosím o preventivní kontrolu
Stáhni a ulož na plochu ComboFix,
spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.
Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,
pak ještě jednou klik na ANO a už to jede.
Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.
Při skenovaní může být PC i restartováno nelekat se.
Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,
protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.
Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt
(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.
spusť aplikaci jako Administrátor a povol instalaci Konzole pro zotavení - Recovery Console.
Poté se zobrazí okno s licenčními podmínkami které potvrdíš kliknutím na ANO,
pak ještě jednou klik na ANO a už to jede.
Celá akce trvá okolo 10 minut ale může i déle, během skenu se nepokoušej spouštět nic jiného.
Při skenovaní může být PC i restartováno nelekat se.
Upozornění: po dobu skenu vypni rezidentní štít Antiviru a AntiSpy programu,
protože Combofix se pokouší napadené soubory smazat a tyto programy mu můžou bránit.
Po dokončení skenu nebo následném restartu aplikace vytvoří log, uložený na C:/Combofix.txt
(při opakovaném použití jsou logy číslovány Combofix2.txt atd.), jeho obsah zkopíruj sem.
Re: Prosím o preventivní kontrolu
ComboFix 11-01-10.04 - Katka 10.01.2011 19:56:59.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.101 [GMT 1:00]
Spuštěný z: c:\documents and settings\Katka\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
[i] ADS - WINDOWS: deleted 24 bytes in 1 streams. [/i]
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
c:\windows\system32\BReWErS.dll
c:\windows\system32\taskmgr.com
Nakažená kopie c:\windows\system32\kernel32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3gdr\kernel32.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-10 do 2011-01-10 )))))))))))))))))))))))))))))))
.
2011-01-10 18:06 . 2011-01-10 18:06 -------- d-----w- c:\windows\LastGood.Tmp
2011-01-10 17:48 . 2011-01-10 17:48 6113439 ----a-w- c:\program files\Mozilla Firefox\mozilla\pci_filerecovery.exe
2011-01-10 16:13 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-01-10 16:11 . 2010-11-06 00:23 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-10 16:11 . 2010-11-06 00:23 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-10 16:11 . 2010-11-06 00:23 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-10 16:11 . 2010-11-06 00:23 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-10 16:11 . 2010-11-06 00:23 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-01-10 16:11 . 2010-11-06 00:23 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-01-10 16:11 . 2010-11-06 00:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-10 15:10 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-10 15:10 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2011-01-10 15:10 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-10 15:10 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-10 15:09 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-01-10 15:09 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-01-10 15:09 . 2010-04-28 18:15 2192128 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-10 15:09 . 2010-04-28 05:45 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-10 15:09 . 2010-04-28 05:45 2068992 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-10 15:09 . 2010-04-28 05:45 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-10 15:09 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-01-10 15:09 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-01-10 15:09 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-01-10 15:08 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-10 15:08 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-10 15:08 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-10 15:08 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-10 15:06 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-01-10 15:06 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-01-10 15:06 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2011-01-10 15:06 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-01-10 15:06 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-01-10 15:06 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-01-10 15:06 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-01-10 15:06 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-01-10 15:06 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-01-10 15:05 . 2010-06-14 07:43 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-01-10 15:02 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-01-10 15:01 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-01-10 15:01 . 2010-07-16 11:58 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-01-10 15:01 . 2009-12-09 05:55 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2011-01-10 14:58 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-10 14:57 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-01-10 14:37 . 2008-04-14 07:00 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-01-10 14:37 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-01-10 14:31 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-01-10 14:24 . 2006-12-28 23:31 19569 ----a-w- c:\windows\003131_.tmp
2011-01-10 14:00 . 2011-01-10 14:03 322523176 ----a-w- c:\program files\Mozilla Firefox\mozilla\WindowsXP-KB936929-SP3-x86-CSY.exe
2011-01-10 13:22 . 2006-03-02 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-01-10 13:22 . 2006-03-02 12:00 31360 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-01-10 13:20 . 2006-03-02 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2011-01-10 13:19 . 2006-03-02 12:00 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll
2011-01-10 13:18 . 2001-10-24 11:24 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2011-01-10 13:18 . 2001-10-24 11:24 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2011-01-10 13:18 . 2003-04-14 19:48 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll
2011-01-10 13:18 . 2003-04-14 19:48 212992 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2011-01-10 13:15 . 2006-03-02 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-01-10 13:15 . 2006-03-02 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-01-10 13:06 . 2004-08-03 21:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-01-10 13:06 . 2001-08-17 19:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2011-01-10 13:01 . 2006-03-02 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-01-10 13:01 . 2006-03-02 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-01-10 13:01 . 2006-03-02 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-01-10 13:01 . 2006-03-02 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-01-10 13:00 . 2006-03-02 12:00 14573 ----a-r- c:\windows\SET14D.tmp
2011-01-10 13:00 . 2006-03-02 12:00 14043 ----a-r- c:\windows\SET122.tmp
2011-01-10 13:00 . 2006-03-02 12:00 1086058 ----a-r- c:\windows\SET116.tmp
2011-01-10 13:00 . 2006-03-02 12:00 1014483 ----a-r- c:\windows\SET113.tmp
2011-01-10 10:25 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-10 10:25 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-10 10:25 . 2011-01-10 10:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-10 10:24 . 2011-01-10 10:24 7734208 ----a-w- c:\program files\Mozilla Firefox\mozilla\mbam-setup-1.50.1.1100.exe
2011-01-10 10:10 . 2011-01-10 10:10 396288 ----a-w- c:\program files\Mozilla Firefox\mozilla\hijackthis.exe
2011-01-10 09:38 . 2011-01-10 11:20 -------- d-----w- C:\Záloha 2011
2011-01-09 21:47 . 2011-01-09 21:47 -------- d-----w- c:\documents and settings\Katka\Local Settings\Data aplikací\Apple
2011-01-09 21:47 . 2011-01-09 21:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2011-01-09 21:46 . 2011-01-09 21:46 -------- d-----w- c:\documents and settings\Katka\Local Settings\Data aplikací\Secunia PSI
2011-01-09 21:45 . 2011-01-10 12:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2011-01-09 21:45 . 2011-01-09 21:45 -------- d-----w- c:\documents and settings\Katka\Fotky
2011-01-09 21:45 . 2011-01-09 21:45 -------- d-----w- c:\documents and settings\Katka\Data aplikací\IObit
2011-01-09 21:45 . 2011-01-09 21:45 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Application Updater
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Drivers Headquarters
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\program files\FreeApps
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\Katka\Local Settings\Data aplikací\PackageAware
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Online Games Downloader
2011-01-09 20:50 . 2011-01-09 20:50 -------- d-----w- c:\program files\Common Files\Apple
2011-01-09 20:49 . 2011-01-09 21:39 -------- d-----w- c:\program files\Apple Software Update
2011-01-09 20:45 . 2010-11-12 15:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-09 20:31 . 2011-01-09 20:31 -------- d-----w- c:\program files\Secunia
2011-01-09 15:59 . 2011-01-09 15:59 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-01-09 15:59 . 2011-01-09 21:40 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Spyware Terminator
2011-01-09 15:59 . 2011-01-09 21:46 -------- d-----w- c:\program files\Spyware Terminator
2011-01-09 15:24 . 2011-01-09 15:24 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Malwarebytes
2011-01-09 15:24 . 2011-01-09 15:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-01-09 09:02 . 2011-01-09 21:45 -------- d-----w- c:\program files\trend micro
2011-01-09 09:02 . 2011-01-09 09:03 -------- d-----w- C:\rsit
2011-01-03 12:48 . 2011-01-10 18:07 863616 ----a-w- c:\windows\system32\drivers\AF9035HB.SYS
2011-01-01 19:52 . 2006-02-07 14:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-01-01 19:52 . 2006-02-07 14:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-01-01 19:52 . 2006-02-07 14:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-01-01 19:52 . 2006-02-07 14:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-01-01 19:52 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-01-01 19:52 . 2011-01-01 19:52 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-01-01 19:52 . 2011-01-01 19:52 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-12-26 21:18 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FreeApp
2010-12-26 21:16 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2010-12-26 20:27 . 2010-12-26 20:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Easy Driver Pro
2010-12-26 19:56 . 2010-12-26 19:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-26 18:06 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Uniblue
2010-12-22 16:40 . 2010-12-22 18:18 -------- d-----w- c:\windows\system32\NtmsData
2010-12-22 15:07 . 2010-12-22 15:07 -------- d-----w- c:\documents and settings\Katka\Data aplikací\CyberLink
2010-12-14 12:59 . 2010-12-14 13:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MyHeritage
2010-12-14 12:59 . 2010-12-14 12:59 -------- d-----w- c:\documents and settings\Katka\Data aplikací\MyHeritage
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-09 09:45 . 2011-01-09 09:45 83939 ----a-w- C:\UsbFix_Upload_Me_APLIK.zip
2010-12-01 07:53 . 2010-12-01 07:53 384016 ----a-w- c:\windows\system32\FTBSaver.scr
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:15 . 2008-06-14 10:15 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-05-14 16:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 00:23 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-03-02 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2006-03-02 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-01-09 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"nwiz"="nwiz.exe" [2008-05-02 1630208]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-08 2219184]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2010-10-31 226832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-03-02 44544]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-5 291896]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sprestrt
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Katka^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Katka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 06:01 180736 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioCentre]
2006-12-08 20:09 241664 ----a-w- c:\genius\ioCentre\gTaskBar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.1.2011 16:59 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8.11.2010 9:50 810144]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [5.1.2011 11:31 988216]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [5.1.2011 11:31 399416]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [25.12.2008 9:47 14848]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [25.12.2008 9:47 9984]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 9:30 15544]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\drivers\AF9035HB.SYS [3.1.2011 13:48 863616]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [25.12.2008 9:47 17408]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [26.4.2010 20:32 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [26.4.2010 20:32 8320]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.7.2010 17:44 136176]
.
Obsah adresáře 'Naplánované úlohy'
2011-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
TCP: {69553CA9-C9F3-4F56-BEE2-59FE7D83CB52} = 93.91.144.100,212.80.67.98
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.cz/Genoogle/Components/A ... eQuery.dll
FF - ProfilePath - c:\documents and settings\Katka\Data aplikací\Mozilla\Firefox\Profiles\mcenqdh2.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 20:07
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3928)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\PSIService.exe
c:\program files\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Celkový čas: 2011-01-10 20:16:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-10 19:16
Před spuštěním: Volných bajtů: 58 408 808 448
Po spuštění: Volných bajtů: 58 372 194 304
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 7F8D33AB9501931BEE0B3E323C94C2C9
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.101 [GMT 1:00]
Spuštěný z: c:\documents and settings\Katka\Plocha\ComboFix.exe
AV: ESET Smart Security 4.2 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
[i] ADS - WINDOWS: deleted 24 bytes in 1 streams. [/i]
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Install.exe
c:\windows\system32\BReWErS.dll
c:\windows\system32\taskmgr.com
Nakažená kopie c:\windows\system32\kernel32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\SoftwareDistribution\Download\5aa53a77792c8cc6cbdb431d4bf47daa\sp3gdr\kernel32.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-10 do 2011-01-10 )))))))))))))))))))))))))))))))
.
2011-01-10 18:06 . 2011-01-10 18:06 -------- d-----w- c:\windows\LastGood.Tmp
2011-01-10 17:48 . 2011-01-10 17:48 6113439 ----a-w- c:\program files\Mozilla Firefox\mozilla\pci_filerecovery.exe
2011-01-10 16:13 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-01-10 16:11 . 2010-11-06 00:23 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-10 16:11 . 2010-11-06 00:23 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-10 16:11 . 2010-11-06 00:23 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-10 16:11 . 2010-11-06 00:23 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-10 16:11 . 2010-11-06 00:23 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-01-10 16:11 . 2010-11-06 00:23 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-01-10 16:11 . 2010-11-06 00:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-10 15:10 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-10 15:10 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2011-01-10 15:10 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-10 15:10 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-10 15:09 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-01-10 15:09 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-01-10 15:09 . 2010-04-28 18:15 2192128 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-10 15:09 . 2010-04-28 05:45 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-10 15:09 . 2010-04-28 05:45 2068992 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-10 15:09 . 2010-04-28 05:45 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-10 15:09 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-01-10 15:09 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-01-10 15:09 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-01-10 15:08 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-10 15:08 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-10 15:08 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-10 15:08 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-10 15:06 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-01-10 15:06 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-01-10 15:06 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2011-01-10 15:06 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-01-10 15:06 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-01-10 15:06 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-01-10 15:06 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-01-10 15:06 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-01-10 15:06 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-01-10 15:05 . 2010-06-14 07:43 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-01-10 15:02 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-01-10 15:01 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-01-10 15:01 . 2010-07-16 11:58 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-01-10 15:01 . 2009-12-09 05:55 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2011-01-10 14:58 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-10 14:57 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-01-10 14:37 . 2008-04-14 07:00 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-01-10 14:37 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-01-10 14:31 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-01-10 14:24 . 2006-12-28 23:31 19569 ----a-w- c:\windows\003131_.tmp
2011-01-10 14:00 . 2011-01-10 14:03 322523176 ----a-w- c:\program files\Mozilla Firefox\mozilla\WindowsXP-KB936929-SP3-x86-CSY.exe
2011-01-10 13:22 . 2006-03-02 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-01-10 13:22 . 2006-03-02 12:00 31360 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-01-10 13:20 . 2006-03-02 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2011-01-10 13:19 . 2006-03-02 12:00 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll
2011-01-10 13:18 . 2001-10-24 11:24 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2011-01-10 13:18 . 2001-10-24 11:24 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2011-01-10 13:18 . 2003-04-14 19:48 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll
2011-01-10 13:18 . 2003-04-14 19:48 212992 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2011-01-10 13:15 . 2006-03-02 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-01-10 13:15 . 2006-03-02 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-01-10 13:06 . 2004-08-03 21:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-01-10 13:06 . 2001-08-17 19:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2011-01-10 13:01 . 2006-03-02 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-01-10 13:01 . 2006-03-02 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-01-10 13:01 . 2006-03-02 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-01-10 13:01 . 2006-03-02 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-01-10 13:00 . 2006-03-02 12:00 14573 ----a-r- c:\windows\SET14D.tmp
2011-01-10 13:00 . 2006-03-02 12:00 14043 ----a-r- c:\windows\SET122.tmp
2011-01-10 13:00 . 2006-03-02 12:00 1086058 ----a-r- c:\windows\SET116.tmp
2011-01-10 13:00 . 2006-03-02 12:00 1014483 ----a-r- c:\windows\SET113.tmp
2011-01-10 10:25 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-10 10:25 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-10 10:25 . 2011-01-10 10:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-10 10:24 . 2011-01-10 10:24 7734208 ----a-w- c:\program files\Mozilla Firefox\mozilla\mbam-setup-1.50.1.1100.exe
2011-01-10 10:10 . 2011-01-10 10:10 396288 ----a-w- c:\program files\Mozilla Firefox\mozilla\hijackthis.exe
2011-01-10 09:38 . 2011-01-10 11:20 -------- d-----w- C:\Záloha 2011
2011-01-09 21:47 . 2011-01-09 21:47 -------- d-----w- c:\documents and settings\Katka\Local Settings\Data aplikací\Apple
2011-01-09 21:47 . 2011-01-09 21:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2011-01-09 21:46 . 2011-01-09 21:46 -------- d-----w- c:\documents and settings\Katka\Local Settings\Data aplikací\Secunia PSI
2011-01-09 21:45 . 2011-01-10 12:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2011-01-09 21:45 . 2011-01-09 21:45 -------- d-----w- c:\documents and settings\Katka\Fotky
2011-01-09 21:45 . 2011-01-09 21:45 -------- d-----w- c:\documents and settings\Katka\Data aplikací\IObit
2011-01-09 21:45 . 2011-01-09 21:45 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Application Updater
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Drivers Headquarters
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\program files\FreeApps
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\Katka\Local Settings\Data aplikací\PackageAware
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Online Games Downloader
2011-01-09 20:50 . 2011-01-09 20:50 -------- d-----w- c:\program files\Common Files\Apple
2011-01-09 20:49 . 2011-01-09 21:39 -------- d-----w- c:\program files\Apple Software Update
2011-01-09 20:45 . 2010-11-12 15:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-09 20:31 . 2011-01-09 20:31 -------- d-----w- c:\program files\Secunia
2011-01-09 15:59 . 2011-01-09 15:59 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-01-09 15:59 . 2011-01-09 21:40 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Spyware Terminator
2011-01-09 15:59 . 2011-01-09 21:46 -------- d-----w- c:\program files\Spyware Terminator
2011-01-09 15:24 . 2011-01-09 15:24 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Malwarebytes
2011-01-09 15:24 . 2011-01-09 15:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-01-09 09:02 . 2011-01-09 21:45 -------- d-----w- c:\program files\trend micro
2011-01-09 09:02 . 2011-01-09 09:03 -------- d-----w- C:\rsit
2011-01-03 12:48 . 2011-01-10 18:07 863616 ----a-w- c:\windows\system32\drivers\AF9035HB.SYS
2011-01-01 19:52 . 2006-02-07 14:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-01-01 19:52 . 2006-02-07 14:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-01-01 19:52 . 2006-02-07 14:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-01-01 19:52 . 2006-02-07 14:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-01-01 19:52 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-01-01 19:52 . 2011-01-01 19:52 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-01-01 19:52 . 2011-01-01 19:52 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-12-26 21:18 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FreeApp
2010-12-26 21:16 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2010-12-26 20:27 . 2010-12-26 20:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Easy Driver Pro
2010-12-26 19:56 . 2010-12-26 19:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-26 18:06 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Uniblue
2010-12-22 16:40 . 2010-12-22 18:18 -------- d-----w- c:\windows\system32\NtmsData
2010-12-22 15:07 . 2010-12-22 15:07 -------- d-----w- c:\documents and settings\Katka\Data aplikací\CyberLink
2010-12-14 12:59 . 2010-12-14 13:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MyHeritage
2010-12-14 12:59 . 2010-12-14 12:59 -------- d-----w- c:\documents and settings\Katka\Data aplikací\MyHeritage
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-09 09:45 . 2011-01-09 09:45 83939 ----a-w- C:\UsbFix_Upload_Me_APLIK.zip
2010-12-01 07:53 . 2010-12-01 07:53 384016 ----a-w- c:\windows\system32\FTBSaver.scr
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:15 . 2008-06-14 10:15 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-05-14 16:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 00:23 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-03-02 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2006-03-02 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-01-09 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"nwiz"="nwiz.exe" [2008-05-02 1630208]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-08 2219184]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2010-10-31 226832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-03-02 44544]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-5 291896]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sprestrt
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Katka^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Katka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEXPRESS
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 06:01 180736 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioCentre]
2006-12-08 20:09 241664 ----a-w- c:\genius\ioCentre\gTaskBar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.1.2011 16:59 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8.11.2010 9:50 810144]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [5.1.2011 11:31 988216]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [5.1.2011 11:31 399416]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [25.12.2008 9:47 14848]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [25.12.2008 9:47 9984]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 9:30 15544]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\drivers\AF9035HB.SYS [3.1.2011 13:48 863616]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [25.12.2008 9:47 17408]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [26.4.2010 20:32 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [26.4.2010 20:32 8320]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.7.2010 17:44 136176]
.
Obsah adresáře 'Naplánované úlohy'
2011-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
TCP: {69553CA9-C9F3-4F56-BEE2-59FE7D83CB52} = 93.91.144.100,212.80.67.98
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.cz/Genoogle/Components/A ... eQuery.dll
FF - ProfilePath - c:\documents and settings\Katka\Data aplikací\Mozilla\Firefox\Profiles\mcenqdh2.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 20:07
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
- - - - - - - > 'explorer.exe'(3928)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\PSIService.exe
c:\program files\Spyware Terminator\sp_rsser.exe
.
**************************************************************************
.
Celkový čas: 2011-01-10 20:16:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-10 19:16
Před spuštěním: Volných bajtů: 58 408 808 448
Po spuštění: Volných bajtů: 58 372 194 304
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 7F8D33AB9501931BEE0B3E323C94C2C9
Re: Prosím o preventivní kontrolu
Pokud jsi tak ještě neučinil, přesuň Combofix na plochu
otevři si Poznámkový blok
do něj zkopíruj skript z následujícího okna:
ulož Tebou vytvořený TXT soubor jako CFScript.txt na plochu,
po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:
Po aplikaci na Tebe vypadne další log, zkopíruj ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,
v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci
otevři si Poznámkový blok
do něj zkopíruj skript z následujícího okna:
Kód: Vybrat vše
File::
c:\windows\LastGood.Tmp
c:\windows\003131_.tmp
c:\windows\SET14D.tmp
c:\windows\SET122.tmp
c:\windows\SET116.tmp
c:\windows\SET113.tmp
po uložení uchop vytvořený skript levým myšítkem a přesuň ho nad ikonu Combofixu, kde ho upustíš:
Po aplikaci na Tebe vypadne další log, zkopíruj ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou,
v tom případě znovu restartuj a přitom mačkej F8 poté zvol Poslední známou funkční konfiguraci
Re: Prosím o preventivní kontrolu
ComboFix 11-01-10.04 - Katka 10.01.2011 22:07:31.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.234 [GMT 1:00]
Spuštěný z: c:\documents and settings\Katka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Katka\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FILE ::
"c:\windows\003131_.tmp"
"c:\windows\LastGood.Tmp"
"c:\windows\SET113.tmp"
"c:\windows\SET116.tmp"
"c:\windows\SET122.tmp"
"c:\windows\SET14D.tmp"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\003131_.tmp
c:\windows\SET113.tmp
c:\windows\SET116.tmp
c:\windows\SET122.tmp
c:\windows\SET14D.tmp
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-10 do 2011-01-10 )))))))))))))))))))))))))))))))
.
2011-01-10 20:19 . 2011-01-10 20:19 -------- d-----w- c:\windows\LastGood
2011-01-10 17:48 . 2011-01-10 17:48 6113439 ----a-w- c:\program files\Mozilla Firefox\mozilla\pci_filerecovery.exe
2011-01-10 16:13 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-01-10 16:11 . 2010-11-06 00:23 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-10 16:11 . 2010-11-06 00:23 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-10 16:11 . 2010-11-06 00:23 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-10 16:11 . 2010-11-06 00:23 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-10 16:11 . 2010-11-06 00:23 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-01-10 16:11 . 2010-11-06 00:23 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-01-10 16:11 . 2010-11-06 00:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-10 15:10 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-10 15:10 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2011-01-10 15:10 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-10 15:10 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-10 15:09 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-01-10 15:09 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-01-10 15:09 . 2010-04-28 18:15 2192128 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-10 15:09 . 2010-04-28 05:45 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-10 15:09 . 2010-04-28 05:45 2068992 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-10 15:09 . 2010-04-28 05:45 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-10 15:09 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-01-10 15:09 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-01-10 15:09 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-01-10 15:08 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-10 15:08 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-10 15:08 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-10 15:08 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-10 15:06 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-01-10 15:06 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-01-10 15:06 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2011-01-10 15:06 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-01-10 15:06 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-01-10 15:06 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-01-10 15:06 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-01-10 15:06 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-01-10 15:06 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-01-10 15:05 . 2010-06-14 07:43 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-01-10 15:02 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-01-10 15:01 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-01-10 15:01 . 2010-07-16 11:58 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-01-10 15:01 . 2009-12-09 05:55 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2011-01-10 14:58 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-10 14:57 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-01-10 14:37 . 2008-04-14 07:00 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-01-10 14:37 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-01-10 14:31 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-01-10 14:00 . 2011-01-10 14:03 322523176 ----a-w- c:\program files\Mozilla Firefox\mozilla\WindowsXP-KB936929-SP3-x86-CSY.exe
2011-01-10 13:22 . 2006-03-02 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-01-10 13:22 . 2006-03-02 12:00 31360 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-01-10 13:20 . 2006-03-02 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2011-01-10 13:19 . 2006-03-02 12:00 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll
2011-01-10 13:18 . 2001-10-24 11:24 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2011-01-10 13:18 . 2001-10-24 11:24 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2011-01-10 13:18 . 2003-04-14 19:48 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll
2011-01-10 13:18 . 2003-04-14 19:48 212992 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2011-01-10 13:15 . 2006-03-02 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-01-10 13:15 . 2006-03-02 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-01-10 13:06 . 2004-08-03 21:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-01-10 13:06 . 2001-08-17 19:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2011-01-10 13:01 . 2006-03-02 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-01-10 13:01 . 2006-03-02 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-01-10 13:01 . 2006-03-02 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-01-10 13:01 . 2006-03-02 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-01-10 10:25 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-10 10:25 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-10 10:25 . 2011-01-10 10:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-10 10:24 . 2011-01-10 10:24 7734208 ----a-w- c:\program files\Mozilla Firefox\mozilla\mbam-setup-1.50.1.1100.exe
2011-01-10 10:10 . 2011-01-10 10:10 396288 ----a-w- c:\program files\Mozilla Firefox\mozilla\hijackthis.exe
2011-01-10 09:38 . 2011-01-10 11:20 -------- d-----w- C:\Záloha 2011
2011-01-09 21:47 . 2011-01-09 21:47 -------- d-----w- c:\documents and settings\Katka\Local Settings\Data aplikací\Apple
2011-01-09 21:47 . 2011-01-09 21:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2011-01-09 21:46 . 2011-01-09 21:46 -------- d-----w- c:\documents and settings\Katka\Local Settings\Data aplikací\Secunia PSI
2011-01-09 21:45 . 2011-01-10 12:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2011-01-09 21:45 . 2011-01-09 21:45 -------- d-----w- c:\documents and settings\Katka\Fotky
2011-01-09 21:45 . 2011-01-09 21:45 -------- d-----w- c:\documents and settings\Katka\Data aplikací\IObit
2011-01-09 21:45 . 2011-01-09 21:45 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Application Updater
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Drivers Headquarters
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\program files\FreeApps
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\Katka\Local Settings\Data aplikací\PackageAware
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Online Games Downloader
2011-01-09 20:50 . 2011-01-09 20:50 -------- d-----w- c:\program files\Common Files\Apple
2011-01-09 20:49 . 2011-01-09 21:39 -------- d-----w- c:\program files\Apple Software Update
2011-01-09 20:45 . 2010-11-12 15:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-09 20:31 . 2011-01-09 20:31 -------- d-----w- c:\program files\Secunia
2011-01-09 15:59 . 2011-01-09 15:59 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-01-09 15:59 . 2011-01-09 21:40 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Spyware Terminator
2011-01-09 15:59 . 2011-01-09 21:46 -------- d-----w- c:\program files\Spyware Terminator
2011-01-09 15:24 . 2011-01-09 15:24 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Malwarebytes
2011-01-09 15:24 . 2011-01-09 15:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-01-09 09:02 . 2011-01-09 21:45 -------- d-----w- c:\program files\trend micro
2011-01-09 09:02 . 2011-01-09 09:03 -------- d-----w- C:\rsit
2011-01-01 19:52 . 2006-02-07 14:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-01-01 19:52 . 2006-02-07 14:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-01-01 19:52 . 2006-02-07 14:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-01-01 19:52 . 2006-02-07 14:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-01-01 19:52 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-01-01 19:52 . 2011-01-01 19:52 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-01-01 19:52 . 2011-01-01 19:52 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-12-26 21:18 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FreeApp
2010-12-26 21:16 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2010-12-26 20:27 . 2010-12-26 20:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Easy Driver Pro
2010-12-26 19:56 . 2010-12-26 19:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-26 18:06 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Uniblue
2010-12-22 16:40 . 2010-12-22 18:18 -------- d-----w- c:\windows\system32\NtmsData
2010-12-22 15:07 . 2010-12-22 15:07 -------- d-----w- c:\documents and settings\Katka\Data aplikací\CyberLink
2010-12-14 12:59 . 2010-12-14 13:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MyHeritage
2010-12-14 12:59 . 2010-12-14 12:59 -------- d-----w- c:\documents and settings\Katka\Data aplikací\MyHeritage
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-09 09:45 . 2011-01-09 09:45 83939 ----a-w- C:\UsbFix_Upload_Me_APLIK.zip
2010-12-01 07:53 . 2010-12-01 07:53 384016 ----a-w- c:\windows\system32\FTBSaver.scr
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:15 . 2008-06-14 10:15 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-05-14 16:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 00:23 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-03-02 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2006-03-02 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-01-09 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"nwiz"="nwiz.exe" [2008-05-02 1630208]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-08 2219184]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2010-10-31 226832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-03-02 44544]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-5 291896]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sprestrt
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Katka^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Katka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 06:01 180736 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioCentre]
2006-12-08 20:09 241664 ----a-w- c:\genius\ioCentre\gTaskBar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.1.2011 16:59 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8.11.2010 9:50 810144]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [5.1.2011 11:31 988216]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [5.1.2011 11:31 399416]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [25.12.2008 9:47 14848]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [25.12.2008 9:47 9984]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 9:30 15544]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys --> c:\windows\system32\Drivers\AF9035HB.sys [?]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [25.12.2008 9:47 17408]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [26.4.2010 20:32 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [26.4.2010 20:32 8320]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.7.2010 17:44 136176]
.
Obsah adresáře 'Naplánované úlohy'
2011-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
TCP: {69553CA9-C9F3-4F56-BEE2-59FE7D83CB52} = 93.91.144.100,212.80.67.98
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.cz/Genoogle/Components/A ... eQuery.dll
FF - ProfilePath - c:\documents and settings\Katka\Data aplikací\Mozilla\Firefox\Profiles\mcenqdh2.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 22:15
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2011-01-10 22:19:31
ComboFix-quarantined-files.txt 2011-01-10 21:19
ComboFix2.txt 2011-01-10 19:16
Před spuštěním: Volných bajtů: 58 608 750 592
Po spuštění: Volných bajtů: 58 599 874 560
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 466A3883CE74FA5DC9971125DA4F4C4E
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.511.234 [GMT 1:00]
Spuštěný z: c:\documents and settings\Katka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Katka\Plocha\CFScript.txt
AV: ESET Smart Security 4.2 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
FILE ::
"c:\windows\003131_.tmp"
"c:\windows\LastGood.Tmp"
"c:\windows\SET113.tmp"
"c:\windows\SET116.tmp"
"c:\windows\SET122.tmp"
"c:\windows\SET14D.tmp"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\003131_.tmp
c:\windows\SET113.tmp
c:\windows\SET116.tmp
c:\windows\SET122.tmp
c:\windows\SET14D.tmp
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-10 do 2011-01-10 )))))))))))))))))))))))))))))))
.
2011-01-10 20:19 . 2011-01-10 20:19 -------- d-----w- c:\windows\LastGood
2011-01-10 17:48 . 2011-01-10 17:48 6113439 ----a-w- c:\program files\Mozilla Firefox\mozilla\pci_filerecovery.exe
2011-01-10 16:13 . 2010-10-18 11:10 7680 -c----w- c:\windows\system32\dllcache\iecompat.dll
2011-01-10 16:11 . 2010-11-06 00:23 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2011-01-10 16:11 . 2010-11-06 00:23 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2011-01-10 16:11 . 2010-11-06 00:23 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2011-01-10 16:11 . 2010-11-06 00:23 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2011-01-10 16:11 . 2010-11-06 00:23 1991680 -c----w- c:\windows\system32\dllcache\iertutil.dll
2011-01-10 16:11 . 2010-11-06 00:23 11080704 -c----w- c:\windows\system32\dllcache\ieframe.dll
2011-01-10 16:11 . 2010-11-06 00:23 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2011-01-10 15:10 . 2008-06-14 17:35 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2011-01-10 15:10 . 2010-08-26 13:39 357248 -c----w- c:\windows\system32\dllcache\srv.sys
2011-01-10 15:10 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2011-01-10 15:10 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-01-10 15:09 . 2009-10-15 16:32 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2011-01-10 15:09 . 2010-08-27 08:03 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2011-01-10 15:09 . 2010-04-28 18:15 2192128 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2011-01-10 15:09 . 2010-04-28 05:45 2148352 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2011-01-10 15:09 . 2010-04-28 05:45 2068992 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2011-01-10 15:09 . 2010-04-28 05:45 2026496 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2011-01-10 15:09 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2011-01-10 15:09 . 2008-05-01 14:37 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2011-01-10 15:09 . 2009-06-21 21:48 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2011-01-10 15:08 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-01-10 15:08 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-01-10 15:08 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2011-01-10 15:08 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2011-01-10 15:06 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2011-01-10 15:06 . 2009-03-06 14:23 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2011-01-10 15:06 . 2009-02-09 11:25 111104 -c----w- c:\windows\system32\dllcache\services.exe
2011-01-10 15:06 . 2009-02-09 10:56 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2011-01-10 15:06 . 2009-02-09 10:56 684032 -c----w- c:\windows\system32\dllcache\advapi32.dll
2011-01-10 15:06 . 2009-02-09 10:56 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2011-01-10 15:06 . 2009-02-09 10:56 709632 -c----w- c:\windows\system32\dllcache\ntdll.dll
2011-01-10 15:06 . 2009-02-09 10:56 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2011-01-10 15:06 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2011-01-10 15:05 . 2010-06-14 07:43 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2011-01-10 15:02 . 2010-06-18 13:36 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2011-01-10 15:01 . 2008-10-15 16:38 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2011-01-10 15:01 . 2010-07-16 11:58 219136 -c----w- c:\windows\system32\dllcache\wordpad.exe
2011-01-10 15:01 . 2009-12-09 05:55 726528 -c--a-w- c:\windows\system32\dllcache\jscript.dll
2011-01-10 14:58 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-01-10 14:57 . 2010-08-16 08:45 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2011-01-10 14:37 . 2008-04-14 07:00 80896 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2011-01-10 14:37 . 2009-07-31 09:05 1372672 -c----w- c:\windows\system32\dllcache\msxml6.dll
2011-01-10 14:31 . 2008-04-14 07:52 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2011-01-10 14:00 . 2011-01-10 14:03 322523176 ----a-w- c:\program files\Mozilla Firefox\mozilla\WindowsXP-KB936929-SP3-x86-CSY.exe
2011-01-10 13:22 . 2006-03-02 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2011-01-10 13:22 . 2006-03-02 12:00 31360 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2011-01-10 13:20 . 2006-03-02 12:00 229439 -c--a-w- c:\windows\system32\dllcache\multibox.dll
2011-01-10 13:19 . 2006-03-02 12:00 36864 -c--a-w- c:\windows\system32\dllcache\hanjadic.dll
2011-01-10 13:18 . 2001-10-24 11:24 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2011-01-10 13:18 . 2001-10-24 11:24 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2011-01-10 13:18 . 2003-04-14 19:48 16384 -c--a-w- c:\windows\system32\dllcache\tcptsat.dll
2011-01-10 13:18 . 2003-04-14 19:48 212992 -c--a-w- c:\windows\system32\dllcache\fpmmcsat.dll
2011-01-10 13:15 . 2006-03-02 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2011-01-10 13:15 . 2006-03-02 12:00 16384 ----a-w- c:\program files\Internet Explorer\Connection Wizard\isignup.exe
2011-01-10 13:06 . 2004-08-03 21:31 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2011-01-10 13:06 . 2001-08-17 19:13 27165 ----a-w- c:\windows\system32\drivers\fetnd5.sys
2011-01-10 13:01 . 2006-03-02 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2011-01-10 13:01 . 2006-03-02 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2011-01-10 13:01 . 2006-03-02 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2011-01-10 13:01 . 2006-03-02 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2011-01-10 10:25 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-10 10:25 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-10 10:25 . 2011-01-10 10:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-10 10:24 . 2011-01-10 10:24 7734208 ----a-w- c:\program files\Mozilla Firefox\mozilla\mbam-setup-1.50.1.1100.exe
2011-01-10 10:10 . 2011-01-10 10:10 396288 ----a-w- c:\program files\Mozilla Firefox\mozilla\hijackthis.exe
2011-01-10 09:38 . 2011-01-10 11:20 -------- d-----w- C:\Záloha 2011
2011-01-09 21:47 . 2011-01-09 21:47 -------- d-----w- c:\documents and settings\Katka\Local Settings\Data aplikací\Apple
2011-01-09 21:47 . 2011-01-09 21:47 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Apple
2011-01-09 21:46 . 2011-01-09 21:46 -------- d-----w- c:\documents and settings\Katka\Local Settings\Data aplikací\Secunia PSI
2011-01-09 21:45 . 2011-01-10 12:19 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Spyware Terminator
2011-01-09 21:45 . 2011-01-09 21:45 -------- d-----w- c:\documents and settings\Katka\Fotky
2011-01-09 21:45 . 2011-01-09 21:45 -------- d-----w- c:\documents and settings\Katka\Data aplikací\IObit
2011-01-09 21:45 . 2011-01-09 21:45 -------- d-----w- c:\windows\system32\config\systemprofile\Data aplikací\Application Updater
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\PC Drivers Headquarters
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\program files\FreeApps
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\Katka\Local Settings\Data aplikací\PackageAware
2011-01-09 21:44 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Online Games Downloader
2011-01-09 20:50 . 2011-01-09 20:50 -------- d-----w- c:\program files\Common Files\Apple
2011-01-09 20:49 . 2011-01-09 21:39 -------- d-----w- c:\program files\Apple Software Update
2011-01-09 20:45 . 2010-11-12 15:34 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-01-09 20:31 . 2011-01-09 20:31 -------- d-----w- c:\program files\Secunia
2011-01-09 15:59 . 2011-01-09 15:59 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2011-01-09 15:59 . 2011-01-09 21:40 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Spyware Terminator
2011-01-09 15:59 . 2011-01-09 21:46 -------- d-----w- c:\program files\Spyware Terminator
2011-01-09 15:24 . 2011-01-09 15:24 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Malwarebytes
2011-01-09 15:24 . 2011-01-09 15:24 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-01-09 09:02 . 2011-01-09 21:45 -------- d-----w- c:\program files\trend micro
2011-01-09 09:02 . 2011-01-09 09:03 -------- d-----w- C:\rsit
2011-01-01 19:52 . 2006-02-07 14:45 757760 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-01-01 19:52 . 2006-02-07 14:40 204800 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-01-01 19:52 . 2006-02-07 14:40 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-01-01 19:52 . 2006-02-07 14:40 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-01-01 19:52 . 2005-11-13 22:19 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-01-01 19:52 . 2011-01-01 19:52 200836 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-01-01 19:52 . 2011-01-01 19:52 331908 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2010-12-26 21:18 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\FreeApp
2010-12-26 21:16 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\All Users\Data aplikací\IObit
2010-12-26 20:27 . 2010-12-26 20:27 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Easy Driver Pro
2010-12-26 19:56 . 2010-12-26 19:56 -------- d-----w- c:\windows\system32\wbem\Repository
2010-12-26 18:06 . 2011-01-09 21:44 -------- d-----w- c:\documents and settings\Katka\Data aplikací\Uniblue
2010-12-22 16:40 . 2010-12-22 18:18 -------- d-----w- c:\windows\system32\NtmsData
2010-12-22 15:07 . 2010-12-22 15:07 -------- d-----w- c:\documents and settings\Katka\Data aplikací\CyberLink
2010-12-14 12:59 . 2010-12-14 13:02 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MyHeritage
2010-12-14 12:59 . 2010-12-14 12:59 -------- d-----w- c:\documents and settings\Katka\Data aplikací\MyHeritage
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-09 09:45 . 2011-01-09 09:45 83939 ----a-w- C:\UsbFix_Upload_Me_APLIK.zip
2010-12-01 07:53 . 2010-12-01 07:53 384016 ----a-w- c:\windows\system32\FTBSaver.scr
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:15 . 2008-06-14 10:15 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-12 17:53 . 2010-05-14 16:58 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-06 00:23 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2006-03-02 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2006-03-02 12:00 385024 ------w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-03-02 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2006-03-02 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2011-01-09 3037696]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-02 13529088]
"nwiz"="nwiz.exe" [2008-05-02 1630208]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-11-08 2219184]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2010-10-31 226832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-02 86016]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2006-03-02 44544]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-5 291896]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sprestrt
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\startupfolder\C:^Documents and Settings^Katka^Nabídka Start^Programy^Po spuštění^MagicDisc.lnk]
backup=c:\windows\pss\MagicDisc.lnkStartup
[HKLM\~\startupfolder\C:^Documents and Settings^Katka^Nabídka Start^Programy^Po spuštění^Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk]
backup=c:\windows\pss\Výřezy obrazovky a spuštění aplikace OneNote 2007.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus DX4400 Series]
2007-03-01 06:01 180736 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\E_FATICAE.EXE
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ioCentre]
2006-12-08 20:09 241664 ----a-w- c:\genius\ioCentre\gTaskBar.exe
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [29.7.2010 12:31 115008]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [9.1.2011 16:59 142592]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [8.11.2010 9:50 810144]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\psia.exe [5.1.2011 11:31 988216]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [5.1.2011 11:31 399416]
R3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\drivers\gHidPnp.sys [25.12.2008 9:47 14848]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\drivers\gMouUsb.sys [25.12.2008 9:47 9984]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [1.9.2010 9:30 15544]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S0 sptd;sptd;c:\windows\system32\Drivers\sptd.sys --> c:\windows\system32\Drivers\sptd.sys [?]
S3 AF9035HB;AF9035 Hybrid Device;c:\windows\system32\Drivers\AF9035HB.sys --> c:\windows\system32\Drivers\AF9035HB.sys [?]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\drivers\gMouPS2.sys [25.12.2008 9:47 17408]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [26.4.2010 20:32 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [26.4.2010 20:32 8320]
S4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [17.7.2010 17:44 136176]
.
Obsah adresáře 'Naplánované úlohy'
2011-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} -
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} -
TCP: {69553CA9-C9F3-4F56-BEE2-59FE7D83CB52} = 93.91.144.100,212.80.67.98
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.cz/Genoogle/Components/A ... eQuery.dll
FF - ProfilePath - c:\documents and settings\Katka\Data aplikací\Mozilla\Firefox\Profiles\mcenqdh2.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=382950&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adobe DLM (powered by getPlus(R)): {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7} - %profile%\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: browser.cache.memory.capacity - 16000
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 4095
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 1000000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 1000000
FF - user.js: dom.disable_window_status_change - true
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 1000
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-10 22:15
Windows 5.1.2600 Service Pack 3 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Celkový čas: 2011-01-10 22:19:31
ComboFix-quarantined-files.txt 2011-01-10 21:19
ComboFix2.txt 2011-01-10 19:16
Před spuštěním: Volných bajtů: 58 608 750 592
Po spuštění: Volných bajtů: 58 599 874 560
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 466A3883CE74FA5DC9971125DA4F4C4E
Re: Prosím o preventivní kontrolu
Přes Start >> Spustit zkopíruj do okna:
ComboFix /Uninstall
a stiskni Enter
To odinstaluje ComboFix a smaže s ním související soubory a složky.
Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.
Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.
Pak dej vědět jaký je stav PC.
ComboFix /Uninstall
a stiskni Enter
To odinstaluje ComboFix a smaže s ním související soubory a složky.
Použij T-Cleaner, který smaže případné zbytky po aplikacích které jsme použili.
Jen před jeho stažením a při použití stopni antivir, protože ho muže detekovat jako vir ale není tomu tak.
Pak dej vědět jaký je stav PC.
Re: Prosím o preventivní kontrolu
Zdravim a omlouvám se za delší absenci.PC jsem vyčistil a zdá se být v pořádku.Z druhého disku se mi data podařilo zachránit.Takže díky za čas a měj se fajn,zatim
Přispějete na provoz fóra?